// Step 1: Administrator account details. if ($_DB->query('SHOW TABLES LIKE "' . TABLE_USERS . '"')->fetchColumn() && $_DB->query('SELECT COUNT(*) FROM ' . TABLE_USERS)->fetchColumn()) { // We already have a database user! header('Location: ' . PROTOCOL . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '?step=' . ($_GET['step'] + 2)); exit; } $_T->printHeader(); lovd_printSideBar(); require ROOT_PATH . 'inc-lib-form.php'; // Load User class. require ROOT_PATH . 'class/object_users.php'; $_USER = new LOVD_User(); print ' <B>Administrator account details</B><BR>' . "\n" . ' <BR>' . "\n\n"; if (isset($_GET['sent'])) { lovd_errorClean(); $_USER->checkFields($_POST); if (!lovd_error()) { // Gather information and go to next page. // Prepare password... $_POST['password'] = lovd_createPasswordHash($_POST['password_1']); unset($_POST['password_1'], $_POST['password_2']); print ' Account details OK. Ready to proceed to the next step.<BR>' . "\n" . ' <BR>' . "\n\n"; lovd_printInstallForm(); $_T->printFooter(); exit; } else { // Errors, thus we must return to the form. Remove the password fields! unset($_POST['password_1'], $_POST['password_2']); } } else { // Default values.
require ROOT_PATH . 'class/object_users.php'; $_DATA = new LOVD_User(); $zData = $_DATA->loadEntry($nID); require ROOT_PATH . 'inc-lib-form.php'; // Require special clearance, if user is not editing himself. // Necessary level depends on level of user. Special case. if ($nID != $_AUTH['id'] && $zData['level'] >= $_AUTH['level']) { // Simple solution: if level is not lower than what you have, you're out. // This is a hack-attempt. // FIXME: This function and its use is a bit messy. lovd_showPageAccessDenied('Tried to edit user ID ' . $nID . ' (' . $_SETT['user_levels'][$zData['level']] . ')', PAGE_TITLE, 'Not allowed to edit this user. This event has been logged.'); exit; } if (!empty($_POST)) { lovd_errorClean(); $_DATA->checkFields($_POST); if (!lovd_error()) { // Fields to be used. $aFields = array('password', 'password_autogen', 'password_force_change', 'edited_by', 'edited_date'); // Prepare values. $_POST['password'] = lovd_createPasswordHash($_POST['password_1']); $_POST['password_autogen'] = ''; $_POST['password_force_change'] = 0; $_POST['edited_by'] = $_AUTH['id']; $_POST['edited_date'] = date('Y-m-d H:i:s'); $_DATA->updateEntry($nID, $_POST, $aFields); // Write to log... lovd_writeLog('Event', LOG_EVENT, 'Changed password for user ' . $nID . ' - ' . $zData['username'] . ' (' . $zData['name'] . ') - with level ' . $_SETT['user_levels'][$zData['level']]); // Thank the user... header('Refresh: 3; url=' . lovd_getInstallURL() . CURRENT_PATH); $_T->printHeader();